Fake apps and other vulnerabilities revealed

Once again, the Google Play Store became a gateway for hackers: researchers from the European security software manufacturer Eset have discovered a total of 13 fake apps that pretended to be tools for increasing or controlling Instagram follower numbers. The target of the attackers were login data of the popular social media platform. Google has already reacted and removed all affected apps from the Google Play Store, ESET said.

"Worthwhile business model"

For the first time, the programs - for example, "Instagram Followers", "Followers Insta" or "Fast Followers for Instagram" - appeared in Turkey, according to reports. Some of them would have used English localization to reach Instagram users worldwide. In total, the various apps had been downloaded 1.5 million times, it said. To entice users to download, they would have promised them a rapid increase in followers, likes and comments for their Instagram accounts. Ironically, the hacked accounts were used to boost the follower numbers of other users: the remote servers to which the credentials were sent operate websites offering users various packages for popularity boosters on Instagram, Eset writes. For the operators, this is a lucrative "business model".

How to protect yourself?

Anyone who has received a warning from Instagram about unauthorized access, is following a conspicuously large number of new Instagrammers, or discovers comments from their account that they have not posted themselves should react immediately, Eset advises. To do this, the Instagram password must be changed and the fake app must be uninstalled. To avoid getting into such a situation in the first place, there are a few tips for protecting your social media accounts:

• Use a separate password for each platform. Malware authors are known to use stolen credentials for multiple platforms.
• Do not enter sensitive information into third-party apps from the Google Play Store. To find out whether an app is reputable, you should always check the popularity of the developer and the number of installations as well as ratings and reviews beforehand. And here, too, it is better to take a closer look, because even Ratings can be falsified be
•  And to be on the safe side in any case, you should secure your device with a reliable mobile security solution.

Also vulnerability in WhatsApp and Telegram

The security researchers from Check Point Software Technologies Ltd. disclosed a new vulnerability in the online platforms WhatsApp and Telegram. Attackers exploiting this vulnerability were able to completely take over user accounts and access the personal and group conversations, photos, videos and other shared files, contact lists and other data.
"This new vulnerability puts hundreds of millions of WhatsApp and Telegram Web users at risk of having their accounts completely taken over," said Oded Vanunu, at Check Point. "A hacker can gain control of the account by simply sending an innocuous-looking photo, access message history and all photos ever shared, and send messages on behalf of the user."

The vulnerability allows the attacker to send malicious code to his victim, which is hidden in a harmless-looking image. Once the user clicks on the image, the attacker gains full access to the victim's WhatsApp or Telegram storage data, which in turn grants him full access to the victim's account. The attacker could then send the malicious file to all of the victim's contacts, potentially launching a targeted attack.

WhatsApp and Telegram have confirmed the security issue and have taken steps to mitigate the problem across all web clients, Check Point said. WhatsApp and Telegram web users who want to ensure they are using the latest version are advised to restart their browsers.

Demo videos for this can be found here:
WhatsApp: https://youtu.be/UR_i5XSAKrg
Telegram: https://youtu.be/26Ih4xTcP-E